1. Field of the Invention
The present invention relates to a method for the authenticated transmission of a data set and/or of a program from a host to a hardware security modulei (HSMi), a system for implementing such a method, and a delivery package for carrying-out such a method.
2. Description of the Prior Art
In the sales and application channels of hardware security modules (HSM) there is typically made a differentiation between the HSM manufacturer, the system manufacturer, who integrates the HSMs in his system products, and the end user of these system products. A typical example of such a system product is a franking machine.
In doing so, the sales channel has to be protected such that system products with false HSMs or with HSMs, which comprise non-authorized software, cannot be made available to end users, for example by unauthorized third parties.
For this purpose, it is known for an HSM manufacturer to individualize an HSM after the manufacture thereof, for example by irreversibly implanting a unique or one-to-one serial number or the like, i.e. store in an HSM memory. Irreversible means herein that later neither a deletion nor a modification is possible. In most cases, further a cryptographic key is established in every HSM. After the electronic circuitries of the HSM have undergone and passed all hardware and software tests, the HSM with the electronic circuitries is sealed by producing or, if already present, activating its manipulation protection. Besides potting, various measures for this purpose are known in the art, and exemplarily only reference is made to documents DE 198 16 572 A1, DE 198 16 571 A1, EP 1 035 516 A2, EP 1 035 517 A2, EP 1 035, 518 A2, EP 1 035 513 A2 and DE 200 20 635 U1.
Then in a pre-personalization phase a code-verifying key is imported into the HSM, by means of which the HSM can later verify, whether or not a loaded application program is authorized. Provided with this code-verifying key an HSM is supplied to the system product manufacturer. On a separate way the system product manufacturer obtains a code-signing key, by means of which he is able to sign application programs. Code-verifying key and code-signing key are a key pair with a one-to-one relationship and are typically produced in an external host system of the HSM manufacturer, which then transmits the code-verifying key via an authenticated communication channel into the HSM. The authentication of the communication channels is normally made by rigorous access controls to the production and pre-personalization process, and supervision of incoming and outgoing material flows and employees by means of the four eyes principle, etc.
In the personalization phase, an application program can be loaded into the HSM, which is then later used in an operative phase (at the end user). In order to prevent that during the personalization phase non-authorized application programs are loaded into the HSM, the HSM requires a digital signature for every application program. This digital signature is verified after loading the application program with the code-verifying key, and with a positive verification the application program is accepted and persistently stored. In case of a negative verification a deletion of the newly loaded application program is carried out.
The personalization phase can be split up, so that the personalization process is started with the manufacture of the system products (pre-initialization) and terminated in the respective sales center of a target market (initialization). During the pre-initialization an import of an authenticated boot loader, registration of the HSM in a PKI of the system product manufacturer and loading of the application program for the end user take place. The initialization is then made by establishing and exchanging cryptographic keys for the end user. With regard to the technology of authenticated of boot loaders, reference is for example made to the document DE 101 37 505 B4.
Since the code-verifying key is the “public” portion of an asymmetric key pair (private/public key), it can be imported into all HSMs of a production, without a risk for the security of the respective (secret or to be kept secret) code-signing key.
HSMs are also known that operate with a secure communication interface to the host system on the base of symmetric encryption systems. The host system is enabled to initialize a so-called session with the HSM and to then transmit data sets and/or programs into the HSM, and that encrypted by means of a session key. For this purpose, a system manufacturer obtains the cryptographic session keys on a separate way from the HSM manufacturer. The session key must however be kept at the production site, and that in a secure environment, for example in an HSM integrated in the host and having a secure host processor and a secure host memory. This is of course required separately for every production site, which is expensive in setting-up and maintaining.
Therefore all above variants have the common drawback that at a production site of a system manufacturer high security measures are necessary, in order to prevent fraudulent use of codes and/or data sets and/or application programs. The device and the maintenance of such high security measures is expensive, time-consuming and prone to malfunctions.